DETAILED ACTION

Response to Arguments 
Applicant's arguments with respect to claims 1, 14, and 25 have been considered but are
moot in view of the new ground(s) of rejection with regards to Perlman US 5,892,828. 



Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1, 3-6, 14, 16-19, 25, and 27-30 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Wood US 6,892,307 in view of Perlman US 5,892,828. 



As per claim 1, Wood teaches a method for an authentication process within a distributed
data processing system, the method comprising: receiving an attribute certificate
(credentials structure) (Col 18 lines 34-35) from a client (browser client) (Col 18 line 38)
at a host (authentication service) (Col 18 line 50) within the distributed data processing
system (enterprise system) (Col 7 lines 34-36); extracting encrypted authentication data
from the attribute certificate (decrypting) (Col 18 lines 54-55), wherein the encrypted
authentication data was generated by encrypting authentication data with a public key
associated with the host (encrypted with public key of authentication service) (Col 18
lines 49-51); decrypting the encrypted authentication data to regenerate the authentication
data using a private key associated with the host (decrypting with using authentication
service private key) (Col 18 lines 54-55). Wood fails to teach forwarding the
authentication data to a controlled resource.

Perlman teaches forwarding the authentication data to a controlled resource which 
authenticates the client before allowing access. (Application 236 at Server Node 202b) 
(Col 6 lines 28-35). 

It would have been obvious to one of ordinary skill in the art to use the forwarding of
Perlman with the system of Wood because the systems are in the analogous art of
authentication.

As per claim 3, Wood teaches the authentication data comprises a user identity and a 
password (username password pair)(Claim 27). 

As per claim 4, Perlman teaches authenticating the client for access to the controlled
resource based on the authentication data (efficient authentication), (Col 6 line 32-33). 

As per claim 5, Wood teaches that the certificate (credential structure) (Col 18 line 35) 
contains multiple sets of authentication data (at least 2) (claim 27) for multiple hosts 
(plural information resources) (claim 24), the method further comprising: parsing the 
authentication data to retrieve a specific set of authentication data for the host (obtaining 
the credential) (claim 24). 



Application/Control Number: 09/821,079

Art Unit: 2134

As per claim 6, Wood teaches that the authentication data (credential structure) (Col 18
line 35) contains multiple sets of authentication parameters (at least 2) (claim 27) for 
multiple controlled resources (plural information resources) (claim 24), the method 
further comprising: parsing the authentication data to retrieve a specific set of 
authentication data for the controlled resource (obtaining the credential) (claim 24). 

As per claim 14, Wood teaches a method for an authentication process within a 
distributed data processing system, the method comprising: receiving an attribute 
certificate (credentials structure) (Col 18 lines 34-35) from a client (browser client) (Col 
18 line 38) at a host (authentication service) (Col 18 line 50) within the distributed data 
processing system (enterprise system) (Col 7 lines 34-36); extracting encrypted 
authentication data from the attribute certificate (decrypting) (Col 18 lines 54-55), 
wherein the encrypted authentication data was generated by encrypting authentication 
data with a public key associated with the host (encrypted with public key of 
authentication service) (Col 18 lines 49-51); decrypting the encrypted authentication data 
to regenerate the authentication data using a private key associated with the host 
(decrypting with using authentication service private key) (Col 18 lines 54-55). Wood 
fails to teach forwarding the authentication data to a controlled resource.

Perlman teaches forwarding the authentication data to a controlled resource which
authenticates the client before allowing access. (Application 236 at Server Node 202b)
(Col 6 lines 28-35).

It would have been obvious to one of ordinary skill in the art to use the forwarding of
Perlman with the system of Wood because the systems are in the analogous art of
authentication.

As per claim 16, Wood teaches the authentication data comprises a user identity and a
password (username password pair)(Claim 27). 

As per claim 17, Perlman teaches authenticating the client for access to the controlled
resource based on the authentication data (efficient authentication), (Col 6 line 32-33). 

As per claim 18, Wood teaches that the certificate (credential structure) (Col 18 line 35) 
contains multiple sets of authentication data (at least 2) (claim 27) for multiple hosts 
(plural information resources) (claim 24), the method further comprising: parsing the 
authentication data to retrieve a specific set of authentication data for the host (obtaining 
the credential) (claim 24). 

As per claim 19, Wood teaches that the authentication data (credential structure) (Col 18
line 35) contains multiple sets of authentication parameters (at least 2) (claim 27) for 
multiple controlled resources (plural information resources) (claim 24), the method 
further comprising: parsing the authentication data to retrieve a specific set of 
authentication data for the controlled resource (obtaining the credential) (claim 24). 

As per claim 25, Wood teaches a method for an authentication process within a 
distributed data processing system, the method comprising: receiving an attribute 
certificate (credentials structure) (Col 18 lines 34-35) from a client (browser client) (Col
18 line 38) at a host (authentication service) (Col 18 line 50) within the distributed data 
processing system (enterprise system) (Col 7 lines 34-36); extracting encrypted 
authentication data from the attribute certificate (decrypting) (Col 18 lines 54-55), 
wherein the encrypted authentication data was generated by encrypting authentication 
data with a public key associated with the host (encrypted with public key of 
authentication service) (Col 18 lines 49-51); decrypting the encrypted authentication data 
to regenerate the authentication data using a private key associated with the host 
(decrypting with using authentication service private key) (Col 18 lines 54-55). Wood 
fails to teach forwarding the authentication data to a controlled resource.

Perlman teaches forwarding the authentication data to a controlled resource which
authenticates the client before allowing access. (Application 236 at Server Node 202b)
(Col 6 lines 28-35).

It would have been obvious to one of ordinary skill in the art to use the forwarding of
Perlman with the system of Wood because the systems are in the analogous art of
authentication.

As per claim 27, Wood teaches the authentication data comprises a user identity and a 
password (username password pair)(Claim 27). 

As per claim 28, Perlman teaches authenticating the client for access to the controlled
resource based on the authentication data (efficient authentication), (Col 6 line 32-33).

As per claim 29, Wood teaches that the certificate (credential structure) (Col 18 line 35)
contains multiple sets of authentication data (at least 2) (claim 27) for multiple hosts 
(plural information resources) (claim 24), the method further comprising: parsing the 
authentication data to retrieve a specific set of authentication data for the host (obtaining 
the credential) (claim 24). 

As per claim 30, Wood teaches that the authentication data (credential structure) (Col 18
line 35) contains multiple sets of authentication parameters (at least 2) (claim 27) for 
multiple controlled resources (plural information resources) (claim 24), the method 
further comprising: parsing the authentication data to retrieve a specific set of 
authentication data for the controlled resource (obtaining the credential) (claim 24). 

Claims 2, 15, and 26 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Wood US 6,892,307 in view of Perlman US 5,892,828 in view of Olden US 6,460,141 

As per claims 2, 15, and 26 the previous Wood-Perlman combination does not teach 
legacy applications. 

Olden teaches the controlled resource is a legacy application (legacy application) (Col 25 
lines 20-25). It would have been obvious to one of ordinary skill in the art to use the 
legacy application of Olden with the system of Wood-Perlman because it maintains 
backwards compatibility and they are of analogous arts.

Claims 7, 20, and 31 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Wood US 6,892,307 in view of Perlman US 5,892,828 in view of Butt US 6,754,829

As per claims 7, 20, and 31 the previous Wood-Perlman combination does not teach the 
X.509 standard. Butt teaches certificates are formatted according to an X.509 standard 
(X.509) (Col 4 lines 56-65). 

It would have been obvious to one of ordinary skill in the art to use the X.509 standard 
because it is well known and operating system independent (Col 4 lines 60-65). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the 
advisory action. In no event, however, will the statutory period for reply expire later than 
SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Christopher J. Brown whose telephone number is
(571) 272-3833. The examiner can normally be reached on 8:30-6:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Kambiz Zand, can be reached on (571) 272-3811. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published
applications may be obtained from either Private PAIR or Public PAIR. Status
information for unpublished applications is available through Private PAIR only. For
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you
have questions on access to the Private PAIR system, contact the Electronic Business
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO
Customer Service Representative or access to the automated information system, call
800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Christopher J. Brown 10/28/07





